Privacy policy
Privacy policy
on the processing of personal data obtained via the website https://valera.com/
Pursuant to the Federal Data Protection Law (LPD), Regulation (EU) 2016/679 (GDPR) and Directive 2002/58/EC (eDirective), we hereby provide essential information about the processing of the personal data obtained during your experience on our website https://valera.com/
1. CATEGORIES OF PERSONAL DATA PROCESSED | DEFINITIONS
The personal data provided – or otherwise acquired in compliance with current regulations and contractual requirements – in relation to, connected with and/or relevant to our assessment of your experience on our website, will be processed in accordance with the privacy regulations and confidentiality requirements applicable in your case.
Personal data: all information about an identified or identifiable person.
In particular, we will process the following personal data: browsing data (see the cookie policy for more information about the data obtained using cookies); data provided directly by the data subject (e.g. to access the private area, on the forms used to purchase our products and/or in the “Contact us” area).
Please note that, in the ordinary course of business, the IT systems used to administer this website gather certain personal data whose transmission is inherent to the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and devices used by data subjects, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (completed, error, etc.) and other parameters relating to the operating system and the IT environment of the data subject.
Data subjects: natural persons whose data in subjected to processing (hereinafter also referred to as “you”).
Processing: any operation on personal data regardless of the means and procedures used including, in particular, the collection, retention, use, update, communication, filing or erasure of such data.
Communication: the process of making personal data available, for example by allowing access to it, or its transmission or publication.
2. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
The party that determines the purposes and means of processing your personal data is LIGO ELECTRIC SA, the Swiss company that owns the “Valera” brand, with registered office at via Ponte Laveggio 9, 6853 Ligornetto - Mendrisio (hereinafter also referred to as “Ligo Electric” or “Controller” or “Company” or “us”).
The Controller may be contacted at the following e-mail address: privacy@valera.com
2.1 REPRESENTATIVE OF THE DATA CONTROLLER IN THE EU TERRITORY
The representative of the Data Controller, pursuant to Article 27 of the GDPR, for the member states of the European Economic Area (EEA) is LABOR PROJECT SRL, with registered office at Via Brianza 65, 22063 Cantù (CO), Italy, in the person of its temporary Legal Representative. You may contact the representative for any information by email at the following address: ligo.rappue@laborproject.it
3. PURPOSE OF PROCESSING | REASON | DATA RETENTION PERIOD
|
PURPOSE OF PROCESSING |
REASON | LEGAL BASIS |
DATA RETENTION PERIOD |
NATURE OF DATA PROVISION |
|
a) Activities strictly needed to ensure that the data subject can browse this website, and to check that it is functioning properly.
|
Overriding Interest of the Controller (Art. 31 LPD) | Legitimate interest of the Controller (Art. 6(1)(F) and Recital 47 GDPR) |
The data will be retained until the end of the browsing session. Please see our cookie policy with regard to the data processed using technical cookies |
The provision of data is necessary for the proper navigation of the website. |
|
b) Obtain anonymous statistics about the use of our website.
|
Please see our cookie policy |
Please see our cookie policy |
Please see our Cookie Policy. |
|
c) Respond to requests received via the “Contact us” form. |
Overriding Interest of the Data Controller (Art. 31 LPD) | Performance of Pre-Contractual Measures (Recital 44 and Art. 6(1)(B) GDPR) |
The data will be processed for the time needed to give the response requested and, in all cases, for not more than 1 year from the request |
The provision of data is necessary for the achievement of this purpose. |
|
d) Processing of any online purchases and related administrative and accounting activities (e.g. order management and shipment handling). |
Overriding Interest of the Data Controller (Art. 31 LPD) | Performance of Pre-Contractual Measures (Recital 44 and Art. 6(1)(B) GDPR) |
The data will be processed for up to 10 years from the date of purchase. |
The provision of data is necessary for the achievement of this purpose. |
|
e) Create a personal account and access the related private area of the website. |
Overriding interest of the Controller (Art. 31 LPD) | Execution of pre-contractual measures (Recital 44 and Art. 6(1)(B) GDPR) |
The data will be processed until deletion of the personal account |
The provision of data is optional and will not affect the proper use of the website. However, failure to provide such data will make it impossible for the Data Controller to provide this service. |
|
g) Direct marketing by the Controller (newsletter). |
Consent of the Data Subject (Art. 31 LPD | Recitals 42, 43 and Art. 6(1)(a) GDPR) |
The data will be processed until consent is revoked |
The provision of data is optional and will not affect the proper use of the website. However, failure to provide such data will make it impossible for the Data Controller to provide this service. |
|
h) Profiled marketing: data subjects may receive commercial communications based on data collected via the website. For example: products for consumers, hair-care professionals or hotel use; social media targeting |
Consent of the Data Subject (Art. 31 LPD | Recitals 42, 43 and Art. 6(1)(a) GDPR) |
The data will be processed until consent is revoked |
The provision of data is optional and will not affect the proper use of the website. However, failure to provide such data will make it impossible for the Data Controller to provide this service. |
3.1 METHODS OF DATA PROCESSING
Processing will be carried out automatically and/or manually, using methods and tools that guarantee maximum security and confidentiality, by parties specifically trained in this regard. The personal data collected will be retained in a form that allows data subjects to be identified for a period of time that does not exceed achievement of the purposes for which such personal data was processed.
4. RECIPIENTS OF PERSONAL DATA
We may share personal data with employees and/or personnel authorized (and duly instructed) by the Controller, as well as with third parties that are contractually bound to the Controller, in order to meet our contractual obligations and achieve one or more of the above purposes of processing. Such third parties will process the data provided in their capacity as Processors or independent controllers. Specifically, we may share the personal data collected with the following categories of recipient: a) parties that provide services linked to the functioning of this website, the IT system of Ligo Electric and telecommunication networks (e.g. hosting provider, webmaster); b) parties that provide support and advice (e.g. Web & digital marketing agencies); c) competent authorities in compliance with legal requirements and/or instructions from public bodies, upon request; d) electronic payment service providers; e) couriers and forwarding agents.
5. TRANSMISSION OF PERSONAL DATA OUTSIDE OF THE CONFEDERATION
The website is based in France (hosting) and, therefore, the personal data processed will be both retained in Switzerland and transmitted outside of the Swiss Confederation to a country that the Federal Council considers adequate for the communication of personal data (see Annex 1 OPDa https://www.fedlex.admin.ch/eli/oc/2022/568/it)
If personal data is communicated to third countries not included in Annex 1 OPDa, the transfer will comply with the provisions of the LPD and the OPDa and, in particular, on following basis:
- presence of adequate guarantees, specifically contractual clauses, that ensure adequate protection abroad;
- processing directly linked to the completion or execution of a contract when the data processed relates to the counterparty;
- communication within the same legal entity or company, or between legal entities or companies under common management, on condition that both the issuer and the receiver comply with rules designed to guarantee an adequate level of data protection.
6. RIGHTS OF THE DATA SUBJECT
|
Pursuant to the LPD, you are recognized the following rights : - obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to gain access to such personal data (Access). - obtain the rectification of inexact or obsolete personal data; - be informed in writing, without charge, whether or not your personal data is subjected to processing; - prevent the communication of sensitive personal data to third parties; - obtain the portability of personal data or request its transfer to third parties; - request the restriction or blocking of data processing, the prevention of the communication of personal data to third parties, or the rectification or erasure of personal data; - request the ban of a specific type of processing of your personal data, or a specific type of communication of your personal data to third parties, or the deletion or erasure of certain personal data; - if neither the accuracy or the inaccuracy of the personal data can be demonstrated, request the addition of a note indicating the objection; - request that the rectification, erasure or blocking of, in particular, communications to third parties, as well as the note indicating the objection or ruling, be communicated to third parties or published; - have the processing of your personal data declared unlawful; - revoke any consent for processing given previously. |
Pursuant to the GDPR, you are recognized the following rights: - Obtain from the Controller confirmation about whether or not your personal data is being processed and, if so, obtain access to that personal data (Access); - Obtain from the Controller the rectification of inexact personal data (Rectification); - Obtain from the Controller the erasure or your personal data (Erasure); - Obtain from the Controller the restriction of processing (Restriction); - Receive your personal data from the Controller in a structured, commonly used, machine-readable format and obtain its transmission to another controller without hindrance from the controller to which the personal data was provided (Portability); - Object at any time, for reasons associated with your specific situation, to the processing of your personal data (Objection); - Revoke any consent for processing given previously. |
Without prejudice to any other administrative or jurisdictional recourse, if you believe that the processing of your data infringes the LPD and/or the GDPR, you are entitled to lodge a complaint with the competent supervisory authority (for Switzerland: Federal Authority for Data Protection and Transparency; for the European Economic Area, see the website of the European Data Protection Board https://edpb.europa.eu/about-edpb/about-edpb/members_en).
You may exercise your rights under the LPD and the GDPR (where applicable) by contacting the Data Controller or, in the case of GDPR applicability, the Data Controller’s Representative within the EU territory, by writing to the addresses indicated above.
7. ADDITIONAL INFORMATION | AMENDMENTS | UPDATES
We do not sell the personal data processed by us.
The Controller reserves the right, at its sole discretion, to revise, update, add or remove any part of this privacy policy at any time. In the event of amendments, the date of change will be indicated.
Last updated: September 11, 2025